using a global validation service to unite communities
If you can't read please download the document
DESCRIPTION
Using a Global Validation Service to Unite Communities. Jon Shamah EMEA Head of Sales, BBS eSecurity. WELCOME TO A NEW LEADING NORDIC COMPANY. Many Communities Interacting Together. Many Communities Interacting Together. Humans are basically tribal brought together by common needs - PowerPoint PPT PresentationTRANSCRIPT
-
s.*
Using a Global Validation Serviceto UniteCommunities
Jon ShamahEMEA Head of Sales, BBS eSecurity
-
WELCOME TO A NEW LEADING NORDIC COMPANY
-
Many Communities Interacting Together
-
Many Communities Interacting TogetherHumans are basically tribalbrought together by common needsIndividual members being trusted within their own communities
-
Many Communities Interacting TogetherBut cross tribal communications are essential to commerce
-
Many Communities Interacting TogetherSo how can contractual trust be established between communities ?
-
Many Communities Interacting TogetherEspecially with multiple relationships?
-
Many Communities Interacting TogetherEspecially with multiple relationships?
-
US Federal Bridge c2006Not Much Fun ?
-
What Can Go Wrong? Why Bother ?RepudiationCompany credentialsCorrespondent credentials
DisputeDocument ContentChronology
CompliancePost transaction investigationTransparency
-
Business Challenges when Dealing with eIDs from Other Communities Determining risk related to accepting an eID from another CommunityQualityTrustworthiness LiabilityEstablishing business processes for handling those eIDsPredicting cost for authentication and validation with SLAs Managing exceptions S. *
-
Business Challenges when Dealing with eIDs from Other Communities Determining risk related to accepting an eID from another CommunityQualityTrustworthiness LiabilityEstablishing business processes for handling those eIDsPredicting cost for authentication and validation with SLAs Managing exceptions S. *
-
The Role of a Global Validation Service
The primary role of a Global Validation Service is to provide a common trust (and hence liability) model enabling secure and trusted message flows between multiple communities using different identity providers without having to establish bilateral agreements between all possible combinations.Effort = Cost = Risk
-
BBS Global Validation Service: History2006: DNV initiates project to build an independent identity validation service based on proven risk-based methodologies and using Ascertia Technology.
2007: BBS chosen as delivery partner2009: BBS incorporates Global Validation Service into its SaaS portfolio maintaining DNV for CA risk analysis and T3P integrity.2009: BBSs Global Validation Service chosen as Trust Anchor for Norwegian Govts eHandel e-Procurement Solution
s.*
-
DNV Providing Risk Assessment - Examples.*
-
s.*Global Validation Service FunctionA Global Validation Service should:manage signatures from many different communities within the digital processprovide an independent CA quality data for policy based processeswork in a global environment not just Europeprovide guaranteed service levels for timely business decisions Inform the Relying Party on the quality and trustworthiness of the signed documents received
-
Aiding inter-Community RelationshipsRisk reduction The Global Validation Service takes on the risk management of the transactionTrust A signature recipient can trust the Global Validation Service, as opposed to multiple Certificate Authorities, each having its own liability agreements under different national lawsBusiness processesThere is one contract partner, one point of billing, one liable actor under contract law, no matter how many communities you interact with. ComplianceThere is just one point of enforcement and historical recordSecurityDocuments do not leave local domain.
s.*
-
Sequence of EventsSender uses certificate from their CA to sign documentSender transmits signed documentsReceiver refers document to BBS via Gateway which hashes document for securityGVS checks the signature against known Certificate Authorities for quality and applies Receivers own policiesGVS responds with assessment and Fit for Purpose recommendation BBS Global Validation Service Architectures.*
-
Connecting Communities s. *
-
Technical ComplianceUses advanced CRL freshness policies to ensure the most up-to-date answersSupports OASIS, ETSI, IETF, W3C and other relevant industry standardsSupport for PEPPOL and other EU initiativesComplexity of multiple signature formats, and certificate validation processes managed by GVS:PDF, XML DSig, PKCS#7, CMS, S/MIME, XAdES, CAdES, PAdES s. *
-
SummaryInter Community transactions are complex if you wish to manage risk.
Digital signatures can solve many issues but.....The variable quality, risk and liability associated with many different eIDs and eSignatures from different communities leads to complexity and cost
A Global Validation Service (GVS) can act as a single point for compliance and transparencyreduce relying-party needs for many one-to-one contractsdetermine if communication is Fit For Purpose for the relying partywiden the market access for any community s. *Global Validation Services are provided from BBS
-
s.*Jon Shamah
EMEA Head of [email protected]: +44.7813.111290
BBS, eSecurityHaavard Martinsens vei 54, N-0045 OSLO
******************